How does the enclave build procedure ensure that the content of an image cannot be altered between the conversion and a future run?

Application attestation handles this. During image conversion, Fortanix CCM generates the enclave hash (MRENCLAVE), the signer (MRSIGNER), ISVPRODID, and ISVSVN. The enclave application in turn produces these values and supplies them in its attestation report. Before issuing a certificate, Fortanix CCM verifies the report and the application's integrity. Any deviation from these values indicates tampering, and the application consequently fails.

For SGX, we hash the read-only and encrypted filesystem sections and include the hashes in the enclave manifest. The manifest file is part of the original enclave image, so it is covered by the measurement (MRENCLAVE).

For AWS Nitro, the initial enclave image and its measurement include the whole enclave filesystem. The AWS Nitro solution works like the SGX one: the filesystem hash is stored in the enclave image and its measurements.
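
The chain described above (filesystem hash in the manifest, manifest in the measured image, measurement checked at attestation), as an added example that is not Fortanix code. It is a simplified model: a SHA-256 digest stands in for MRENCLAVE, and the manifest format, the function names, the sample values and the runtime filesystem check are assumptions.

```python
import hashlib
import hmac
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(ro_fs: bytes, enc_fs: bytes) -> bytes:
    """Manifest records a hash of each filesystem section (assumed format)."""
    manifest = {"rofs_sha256": sha256_hex(ro_fs), "encfs_sha256": sha256_hex(enc_fs)}
    return json.dumps(manifest, sort_keys=True).encode()

def measure_image(loader: bytes, manifest: bytes) -> str:
    """Stand-in for MRENCLAVE: a digest over the initial image, manifest included.
    Real SGX builds MRENCLAVE page by page while the enclave is loaded."""
    h = hashlib.sha256()
    for part in (loader, manifest):
        h.update(len(part).to_bytes(8, "big"))  # length prefix keeps parts unambiguous
        h.update(part)
    return h.hexdigest()

def filesystem_matches_manifest(manifest: bytes, ro_fs: bytes, enc_fs: bytes) -> bool:
    """Assumed in-enclave check: mounted sections must match the measured manifest."""
    return hmac.compare_digest(manifest, build_manifest(ro_fs, enc_fs))

def report_matches(expected: dict, report: dict) -> bool:
    """Verifier side: every value recorded at conversion must match the report."""
    fields = ("mrenclave", "mrsigner", "isvprodid", "isvsvn")
    return all(hmac.compare_digest(str(expected[f]), str(report.get(f, ""))) for f in fields)

# Constructed sample data (not real enclave contents).
LOADER = b"enclave-loader-v1"
RO_FS = b"/bin/app contents"
ENC_FS = b"ciphertext of /data"

def demo() -> dict:
    manifest = build_manifest(RO_FS, ENC_FS)
    expected = {"mrenclave": measure_image(LOADER, manifest),
                "mrsigner": "aa" * 32, "isvprodid": 1, "isvsvn": 3}
    # Case 1: filesystem modified after conversion, manifest left unchanged.
    fs_only = filesystem_matches_manifest(manifest, RO_FS + b"!", ENC_FS)
    # Case 2: manifest regenerated to match the modified filesystem; measurement changes.
    forged = build_manifest(RO_FS + b"!", ENC_FS)
    tampered_report = dict(expected, mrenclave=measure_image(LOADER, forged))
    return {"clean": report_matches(expected, dict(expected)),
            "fs_only": fs_only,
            "forged_manifest": report_matches(expected, tampered_report)}
```

A filesystem change is caught either way: leaving the manifest alone fails the filesystem check, and regenerating the manifest changes the measurement the verifier compares.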

